From 1b04cd6f94211ec3acf751b025f7fbf5814de473 Mon Sep 17 00:00:00 2001
From: Nettika <git@nettika.cat>
Date: Wed, 8 Oct 2025 17:16:52 -0700
Subject: [PATCH] Setup matrix on apogee

---
 hosts/apogee/default.nix                      |  4 ++-
 hosts/apogee/matrix.nix                       | 28 +++++++++++++++++++
 .../apogee/secrets/synapse-secrets-config.age |  6 ++++
 3 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 hosts/apogee/matrix.nix
 create mode 100644 hosts/apogee/secrets/synapse-secrets-config.age

diff --git a/hosts/apogee/default.nix b/hosts/apogee/default.nix
index f74e348..f4f1c0b 100644
--- a/hosts/apogee/default.nix
+++ b/hosts/apogee/default.nix
@@ -1,7 +1,9 @@
 { ... }: {
-  imports = [ ./gandicloud.nix ];
+  imports = [ ./matrix.nix ./gandicloud.nix ];
 
   networking.hostName = "apogee";
 
+  services.postgresql.enable = true;
+
   promptSymbol = "ðŸ”­";
 }
diff --git a/hosts/apogee/matrix.nix b/hosts/apogee/matrix.nix
new file mode 100644
index 0000000..76d329c
--- /dev/null
+++ b/hosts/apogee/matrix.nix
@@ -0,0 +1,28 @@
+{ config, ... }:
+let domain = "leaf.ninja";
+in {
+  age.secrets.synapse-secrets-config.file =
+    ./secrets/synapse-secrets-config.age;
+
+  services.matrix-synapse = {
+    enable = true;
+    extraConfigFiles = [ config.age.secrets.synapse-secrets-config.path ];
+    settings = {
+      server_name = domain;
+      database_type = "psycopg2";
+      database_args.database = "matrix-synapse";
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    8448 # Matrix federation
+  ];
+
+  services.caddy = {
+    enable = true;
+    virtualHosts."matrix.${domain}".extraConfig = ''
+      reverse_proxy /_matrix/* localhost:8008
+      reverse_proxy /_synapse/client/* localhost:8008
+    '';
+  };
+}
diff --git a/hosts/apogee/secrets/synapse-secrets-config.age b/hosts/apogee/secrets/synapse-secrets-config.age
new file mode 100644
index 0000000..5c762df
--- /dev/null
+++ b/hosts/apogee/secrets/synapse-secrets-config.age
@@ -0,0 +1,6 @@
+age-encryption.org/v1
+-> ssh-ed25519 f+PJrQ 2Gd75cRZviUH5xYRTC+6oKAT5/FfpY2zfMJVYwVlcCs
+eA4B5qHSoPujIgcpBl4UOT8ovvdiTUb16Yk/lHNJJKo
+--- 58bdTWl7z2skdVACACl/aAt76ciYkJOjnvDyendgKpQ
+Q¼³¿‡vð¨ÖÑ=·VU&÷‡ÿLd°<¸#³¥Ëh~yð"«kvõ1Iƒz?Â»›’U“……üåH
+rÑYIm½¤lÒÈhÓû&ðÁªPqžK>Œsž;ÕæÉ…uX7·¥Îó©¿z-¦(êÈ¬
\ No newline at end of file